Patent Issued for PKI-based user authentication for web services using blockchain (USPTO 11711219): United Services Automobile Association
2023 AUG 14 (NewsRx) -- By a
The assignee for this patent, patent number 11711219, is
Reporters obtained the following quote from the background information supplied by the inventors: “In computer science, authentication refers to the process of confirming the identity of an individual or thing. The ways in which the identity of a person may be authenticated fall into three categories, based on what are known as the factors of authentication: something the user knows, something the user has, and something the user is. Each authentication factor covers a range of elements used to authenticate or verify a person’s identity prior to being granted access, approving a transaction request, signing a document or other work product, granting authority to others, and establishing a chain of authority.”
In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “Implementations of the present disclosure are directed to securing network identity and providing for a more efficient and secure login system.
“In general, innovative aspects of the subject matter described in this specification can be embodied in methods that include actions of receiving, at a smart contract on a distributed ledger, a signed authentication challenge, verifying the identity of the user who signed the authentication challenge, and raising an event that indicates that the user has been authenticated; wherein a server listens for events from the smart contract, and associates a session between the web browser and the server with the user based on the event.
“Implementations can optionally include one or more of the following features. The methods may include adding an entry to the distributed ledger, the entry indicating that the user has been authenticated. The server may provide a code to a computer of the user, a mobile device may include the code in the signed authentication challenge, and the smart contract may include the code in the event. The code may be provided to the computer as part of a quick response code and the mobile device obtains the code through a camera. The same cryptographic key may be used to authenticate the user to a plurality of servers.
“Other implementations of any of the above aspects include corresponding systems, apparatus, and computer programs that are configured to perform the actions of the methods, encoded on computer storage devices. The present disclosure also provides a computer-readable storage medium coupled to one or more processors and having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein. The present disclosure further provides a system for implementing the methods provided herein. The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.
“Implementations of the present disclosure provide one or more of the following advantages. Users may be able to authenticate with multiple servers using the same credentials. Managing the login process may be improved. Computer security may be improved.”
The claims supplied by the inventors are:
“1. An authentication system, comprising: a server device comprising at least one processor configured to: receive, via a browser application, an access request from a personal computing system associated with a user; present to the personal computing system or a mobile computing system associated with the user a visualization having at least one input option; receive, from the personal computing system or the mobile computing system and via the at least one input option, a user input; determine, based on the user input, whether the user is not authenticated; in response to determining that the user is not authenticated, direct the personal computing system or the mobile computing system to a unique session identifier, the personal computing system or the mobile computing system being configured to: utilize the unique session identifier to generate a signed authentication statement based on a private key; and send the signed authentication statement to a distributed ledger, wherein the distributed ledger is configured to publish a login event representative of the signed authentication statement being authenticated, and wherein the signed authentication statement and an identity of the user is authenticated based on a public key; detect the login event; and associate a session being executed on the server and corresponding to the personal computing system, the mobile computing system, or both with the identity of the user based on the login event.
“2. The authentication system of claim 1, wherein the mobile computing system is configured, via a digital wallet application executed by the mobile computing system, to: utilize the unique session identifier to generate the signed authentication statement based on the private key; and send the signed authentication statement to the distributed ledger, wherein the distributed ledger is configured to publish the login event representative of the signed authentication statement being authenticated, and wherein the signed authentication statement and the identity of the user is authenticated based on the public key.
“3. The authentication system of claim 1, wherein the unique session identifier comprises a Quick Response (QR) or bar code.
“4. The authentication system of claim 3, wherein the mobile computing system is configured to scan the QR or bar code.
“5. The authentication system of claim 1, wherein the personal computing system comprises a mobile device or a personal computing device.
“6. The authentication system of claim 1, wherein the at least one processor is configured to generate the unique session identifier using the public key in response to receiving the access request.
“7. The authentication system of claim 1, wherein the at least one processor is configured to: detect a batch of login events including the login event; and simultaneously process the batch of login events to associate a plurality of sessions being executed on the at least one processor and corresponding to a plurality of personal computing systems with a plurality of identities of a plurality of users.
“8. One or more non-transitory, computer-readable media having instructions stored thereon that, when executed by at least one processor, cause the at least one processor to perform operations comprising: receiving an access request from a personal computing system associated with a user or a mobile computing system associated with the user; presenting to the personal computing system or the mobile computing system a visualization having at least one input option; receiving, from the personal computing system or the mobile computing system and via the at least one input option, a user input; determining, based on the user input, whether the user is not authenticated; in response to determining that the user is not authenticated, directing the personal computing system or the mobile computing system to a unique session identifier, the personal computing system or the mobile computing system being configured to: utilize the unique session identifier to generate a signed authentication statement based on a private key; and send the signed authentication statement to a distributed ledger, wherein the distributed ledger is configured to publish a login event representative of the signed authentication statement being authenticated, and wherein the signed authentication statement and an identity of the user is authenticated based on a public key; detecting the login event; and associating a session being executed on a server by the at least one processor and corresponding to the personal computing system, the mobile computing system, or both with the identity of the user based on the login event.
“9. The media of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to perform operations comprising: executing a browser application on the personal computing system; and receiving, via the browser application, the access request from the personal computing system.
“10. The media of claim 8, wherein the unique session identifier comprises a Quick Response (QR) or bar code.
“11. The media of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to generate the unique session identifier using the public key in response to receiving the access request.
“12. The media of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to: detect a batch of login events including the login event; and simultaneously process the batch of login events to associate a plurality of sessions being executed on the processor and corresponding to a plurality of personal computing systems with a plurality of identities of a plurality of users.
“13. The media of claim 8, wherein the instructions, when executed by the at least one processor, cause the at least one processor to: present, in response to associating the session with the identity of the user and on the personal computing system or the mobile computing system, a personalized launch page having user-specific information illustrated therein.
“14. A computer-implemented authentication method, comprising: receiving, via a browser application and at a processor of a server, an access request from a personal computing system of a user; directing, via the processor, the personal computing system or a mobile computing system associated with the user to a unique session identifier; utilizing, via the personal computing system or the mobile computing system, the unique session identifier to generate a signed authentication statement based on a private key; sending, via the personal computing system or the mobile computing system, the signed authentication statement to a distributed ledger, wherein the distributed ledger is configured to publish a login event representative of the signed authentication statement being authenticated, and wherein the signed authentication statement and an identity of the user is authenticated based on a public key; detecting, via the processor, the login event; and associating, via the processor and based on detection of the login event, a session being executed on the server and corresponding to the personal computing system, the mobile computing system, or both with the identity of the user.
“15. The authentication method of claim 14, comprising: presenting, via the processor, a visualization having at least one user input option to the personal computing system or the mobile computing system; receiving, at the processor, from the personal computing system or the mobile computing system, and via the at least one input option, a user input; determining, via the processor and based on the user input, whether the user is not authenticated; and in response to determining that the user is not authenticated, directing, via the processor, the personal computing system or the mobile computing system to the unique session identifier.
“16. The authentication method of claim 14, wherein the unique session identifier comprises a Quick Response (QR) or bar code.
“17. The authentication method of claim 16, comprising scanning the QR or bar code via the mobile computing system.
“18. The authentication method of claim 14, comprising generating, via the processor and in response to receiving the access request, the unique session identifier using the public key.
“19. The authentication method of claim 14, comprising: detecting, via the processor, a batch of login events including the login event; and simultaneously processing, via the processor, the batch of login events to associate a plurality of sessions being executed on the at least one processor and corresponding to a plurality of personal computing systems with a plurality of identities of a plurality of users.
“20. The authentication method of claim 14, comprising presenting, in response to associating the session with the identity of the user and on the personal computing system or the mobile computing system, a personalized launch page having user-specific information illustrated therein.”
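The login flow the summary describes and claims 1 and 7 spell out (the server mints a unique session identifier and shows it as a QR code; the wallet signs it with the user's private key and sends the statement to the ledger; the contract checks the signature against the registered public key and publishes a login event; the server detects the event and binds the browser session to that identity, in batches if several arrive together) can be walked through end to end in code. The Go program below is an added example written for this page, not code from the patent or from USAA. It stands in for the ledger and smart contract with an in-memory registry and event log, uses Ed25519 from Go's standard library for the key pair (the patent does not fix a signature scheme), mints the session code at random rather than deriving it from the public key as claim 6 describes, and the type names, the `login|server|session` message format and the `bank.example` server name are assumptions made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// AuthStatement is what the wallet submits: the session code the browser showed, the server it came from, and the user's signature over both.
type AuthStatement struct {
	PubKey              ed25519.PublicKey
	ServerID, SessionID string
	Sig                 []byte
}

type LoginEvent struct{ UserID, ServerID, SessionID string } // emitted by the contract once a statement verifies

// signedBytes is the exact message the wallet signs and the contract checks. Binding the
// server ID into it stops a signature for one server being replayed as a login at another.
func signedBytes(serverID, sessionID string) []byte {
	return []byte("login|" + serverID + "|" + sessionID)
}

// Wallet stands in for the mobile digital-wallet app holding the user's private key (assumed name).
type Wallet struct{ priv ed25519.PrivateKey }

func NewWallet() (*Wallet, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Wallet{priv: priv}, err
}
func (w *Wallet) PubKey() ed25519.PublicKey { return w.priv.Public().(ed25519.PublicKey) }

// Sign turns a scanned session code into a signed authentication statement.
func (w *Wallet) Sign(serverID, sessionID string) AuthStatement {
	return AuthStatement{w.PubKey(), serverID, sessionID, ed25519.Sign(w.priv, signedBytes(serverID, sessionID))}
}

// Contract is an in-memory stand-in for the on-ledger smart contract: a registry of public keys to identities plus the login events it has emitted.
type Contract struct {
	registry map[string]string // hex(pubkey) -> user ID
	Events   []LoginEvent
}

func NewContract() *Contract { return &Contract{registry: map[string]string{}} }
func (c *Contract) Register(pub ed25519.PublicKey, userID string) { c.registry[hex.EncodeToString(pub)] = userID }

// Submit emits a login event only for a registered key whose signature verifies over the submitted server and session code.
func (c *Contract) Submit(s AuthStatement) error {
	userID, ok := c.registry[hex.EncodeToString(s.PubKey)]
	if !ok {
		return fmt.Errorf("public key not registered")
	}
	if !ed25519.Verify(s.PubKey, signedBytes(s.ServerID, s.SessionID), s.Sig) {
		return fmt.Errorf("signature does not verify")
	}
	c.Events = append(c.Events, LoginEvent{userID, s.ServerID, s.SessionID})
	return nil
}

// Server is the web service: it mints session codes and binds a browser session to a user only after seeing a matching event.
type Server struct {
	ID       string
	sessions map[string]string // session code -> bound user ID ("" while pending)
}

func NewServer(id string) *Server { return &Server{ID: id, sessions: map[string]string{}} }

// StartLogin mints the unguessable session identifier the browser shows as a QR code.
func (s *Server) StartLogin() (string, error) {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		return "", err
	}
	code := hex.EncodeToString(b[:])
	s.sessions[code] = ""
	return code, nil
}

// ProcessEvents consumes a batch of events (claim 7) and returns how many sessions it bound.
// Events for another server, an unknown code, or an already-bound code (a replay) are ignored.
func (s *Server) ProcessEvents(events []LoginEvent) (bound int) {
	for _, e := range events {
		if user, ok := s.sessions[e.SessionID]; e.ServerID == s.ID && ok && user == "" {
			s.sessions[e.SessionID] = e.UserID
			bound++
		}
	}
	return bound
}

func (s *Server) UserFor(code string) string { return s.sessions[code] } // "" while still pending

func main() {
	wallet, _ := NewWallet()
	ledger := NewContract()
	ledger.Register(wallet.PubKey(), "alice")
	srv := NewServer("bank.example")
	code, _ := srv.StartLogin()                     // the browser renders this as a QR code
	err := ledger.Submit(wallet.Sign(srv.ID, code)) // the phone scans it, signs, submits
	fmt.Println("submit:", err, "| bound:", srv.ProcessEvents(ledger.Events), "| user:", srv.UserFor(code))
}
```

Two details carry the features the summary lists. The signed message includes the server identifier as well as the session code: the summary says the same key may authenticate the user to several servers, and without that binding a valid statement for one server could be replayed as a login at another. And the server binds a session only once, and only to a pending code it minted itself, so a replayed event, a forged event, or an event for a code it never issued changes nothing. A production listener would additionally have to accept events only from its own contract address on the ledger and expire pending codes after a short window; both are left out here.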
For more information, see this patent: Liang, Minya. PKI-based user authentication for web services using blockchain.